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Remarks 

This Application has been carefully reviewed in light of the Final Office Action 
("Office Action") mailed electronically on March 19, 2009. Applicant appreciates the 
Examiner's consideration of the Application. Claims 1-24 remain pending. Applicant 
respectfully requests reconsideration and allowance of all pending claims. 

Claim Objections 

Applicant appreciates the Examiner withdrawing his objections to Claims 1, 7, and 
13. The Examiner continues to object to Claim 19. Specifically, the Examiner relies on 
M.P.E.P. ch. 21 1 1.04 in objecting to the language "being operable to" in Claim 19. 

Applicant believes the Examiner considers the phrase "being operable to" to be 
similar to the "adapted to" clause discussed in ch. 2111.04 of the M.P.E.P. However, the 
M.P.E.P. states "[t]he determination of whether each of these clauses is a limitation in a claim 
depends on the specific facts of the case." When a "whereby clause states a condition that is 
material to patentability, it cannot be ignored in order to change the substance of the 
invention," (M.P.E.P. ch. 21 1 1.04, citing Hoffer v. Microsoft Corp., 405 F.3d 1326, 1329, 74 
U.S.P.Q.2d 1481, 1483 (Fed. Cir. 2005)). The analysis should be analogous for an "operable 
to" clause. 

A claim element described as "operable to" perform certain functions covers 
operations that the element is capable of performing, and not just operations that the element 
may be capable of performing. The ordinary dictionary definition of "operable" is 
"practicable." See, e.g., The American Heritage College Dictionary, 3rd Ed., Houghton 
Mifflin (1997). The dictionary definition of "practicable" is "capable of being affected, done 
or put into practice." See id. Thus, elements following the term "operable to" in a particular 
claim element constitute operations that the claim element is capable of performing. 
Operations that a claim element is capable of performing are limitations because the element 
is thus distinguished from the prior art that is not capable of performing the operations. 

Additionally, "operable to" is a commonly used term in patent application claims and 
is present in claims of numerous patents issued by the United States Patent and Trademark 
Office. An informal search of the USPTO's website (performed May 13, 2009) returned well 
over 150,000 issued patents with claims reciting the phrases "operable to" or "being operable 
to." Applicant respectfully contends that use of the phrase "being operable to" is proper. In 
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short, use of the phrase "operable to" in claims is a practice that is both well accepted and 
currently supported by the PTO. To the extent that the Examiner intends to maintain his 
position with respect to the phrase "being operable to," Applicant respectfully requests the 
Examiner to provide support from applicable authority, such as case law or statutes. 
Otherwise, Applicant respectfully requests that this objection be withdrawn. 

Rejections under 35 U.S.C. § 103 

The Examiner continues to reject Claims 1-5, 7-11, 13-17, and 19-23 under 35 U.S.C. 
§ 103(a) as being unpatentable over Vaidya in view of Nakae, Applicant respectfully 
traverses these rejections for the reasons discussed below. 

In order to establish a prima facie case of obviousness of a claimed invention, all 
claim limitations must be taught or suggested by the prior art. See M.P.E.P. § 2143. 

Claim 1 recites: 

A method for maintaining security of a computer system, comprising: 
determining an initial system certainty value for the computer system; 
providing access to a database of signatures, each signature including a 
signature certainty value; 
receiving data; 

comparing the received data with the database of signatures; 

increasing the system certainty value if the received data does not 
match a signature in the database; 

decreasing the system certainty value if the received data matches a 
signature in the database; and 

filtering the data based on the system certainty value and the signature 
certainty value of a signature matching the received data. 

Applicant respectfully contends that the proposed Vaidya-Nakae combination fails to 
disclose, teach, or suggest every limitation of Claim 1 . The Office Action states that Vaidya 
fails to explicitly disclose the limitations "determining an initial system certainty value for 
the computer system," "increasing the system certainty value if the received data does not 
match a signature in the database," and "decreasing the system certainty value if the received 
data matches a signature in the database." Office Action, pgs. 5-6. Instead, the Office Action 
relies on Nakae as disclosing or suggesting these limitations. Office Action, pg. 6. 

Nakae discloses an attack defending system, including a firewall unit and a decoy 
device. Nakae, 0018-0022. After receiving a data packet, the firewall unit "obtains a 
corresponding confidence level." Nakae, \ 0169. This confidence level is compared "with a 
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predetermined threshold value and, depending on its comparison result," the received packet 
is either forwarded to the internal network or to a decoy device. Nakae, If 0169. However, 
the confidence levels of Nakae correspond to the IP address of the received data packet . As 
such, there are "a set of combinations" of different confidence levels for corresponding IP 
addresses. Applicant respectfully contends that these multiple confidence levels for the 
multiple sources of received data fail to teach, disclose, or suggest determining an initial 
system certainty value for the computer system . 

Additionally, the Office Action relies on paragraph 176, lines 3-4 of Nakae as 
disclosing "increasing the system certainty value" and paragraph 239, lines 1-7 of Nakae as 
disclosing "decreasing the system certainty value if the received data matches a signature in 
the database." Office Action, pg. 6. Again, Applicant respectfully contends that these 
portions disclose the confidence level associated with the source of received data , not a 
system certainty value . 

Additionally, regardless of whether or not the confidence levels of Nakae disclose a 
system certainty value, Applicant respectfully contends that the Office Action's reliance on 
the two cited portions of Nakae is still misplaced. When a packet is received by firewall 5, 
the confidence management section 502 (which is part of firewall 5 - see Tf 0168) "obtains a 
confidence level corresponding to the IP address" of the packet. Nakae, U 0174. If no match 
is found for the IP address, a default initial value is output as the confidence level for that 
packet. Id. at 1 0175. After a confidence level is output, the confidence management section 
502 increases the relevant confidence value. Id. at K 0176. Therefore, according to Nakae, 
the confidence level of a given IP address is increased regardless of whether there is a 
matching IP address stored in confidence management section 502. As such, Applicant 
respectfully contends that Nakae fails to disclose, teach, or suggest increasing the system 
certainty value if the received data does not match a signature in the database and decreasing 
the system certainty value if the received data matches a signature. 

Furthermore, in certain instances, the firewall may guide a received IP packet to the 
decoy unit to determine if there is an attack. If the decoy device detects an attack, it sends an 
alert and "the confidence level of the source IP address included in the alert is decreased." 
Id. at K 0239. The decoy device detects an attack is occurring based on whether a rule 
associated with a predetermined attack category is violated. Id. at \ 0024. However, there is 
no teaching, disclosure, or suggestion that this determination is based on signatures. As such, 
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applicant respectfully contends that this fails to disclose or suggest decreasing the system 
certainty value if the received data matches a signature.. 

The Office Action states that Nakae "makes a correlation between 
increasing/decreasing the confidence level in association with attacks based on information." 
Office Action, pg. 11. Applicant does not necessarily agree. Claim 1 requires increasing the 
system certainty value if the received data does not match a signature in the database and 
decreasing the system certainty value if the received data matches a signature. As shown 
above, the system in Nakae increases a confidence level for individual IP addresses whenever 
a packet is received — regardless of whether the data matches or does not match a signature. 
Additionally, the system of Nakae decreases a confidence level for individual IP addresses 
whenever an attack is detected, and there is no disclosure or suggestion that this occurs 
because data either matches or does not match a signature. For at least these reasons, 
Applicant respectfully contends that Nakae fails to disclose, teach, or suggest the limitations 
"determining an initial system certainty value for the computer system," "increasing the 
system certainty value if the received data does not match a signature in the database," and 
"decreasing the system certainty value if the received data matches a signature in the 
database." Accordingly, Applicant respectfully requests reconsideration and allowance of 
Claim 1 . 

Claims 2-5 depend from Claim 1 and incorporate all the limitations thereof. As such, 
Applicant respectfully requests reconsideration and allowance of Claims 2-5 for at least the 
same reasons as Claim 1 . 

Similar to Claim 1, Claims 7, 13, and 19 include elements directed to "increasing the 
system certainty value if the received data does not match a signature in the database" and 
"decreasing the system certainty value if the received data matches a signature in the 
database." Thus, for at least the reasons discussed above with regard to Claim 1, Applicant 
respectfully requests reconsideration and allowance of Claims 7, 13, and 19. Claims 8-11 
depend from Claim 7 and incorporate all the limitations thereof. Claims 14-17 depend from 
Claim 13 and incorporate all the limitations thereof. Claims 20-23 depend from Claim 19 
and incorporate all the limitations thereof. As such, Applicant respectfully requests 
reconsideration and allowance of Claims 8-11,14-17, and 20-23 be withdrawn. 
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The Examiner continues to reject Claims 6, 12, 18, and 24 under 35 U.S.C. § 103(a) 
as being unpatentable over Vaidya in view of Nakae and in further view of Mor an. Applicant 
respectfully traverses these rejections for the reasons discussed below. 

Claim 6 depends from Claim 1, and incorporates all the limitations thereof. Claim 12 
depends from Claim 7 and incorporates all the limitations thereof. Claim 18 depends from 
Claim 13 and incorporates all the limitations thereof. Claim 24 depends from Claim 19 and 
incorporates all the limitations thereof. As discussed above, the proposed Vaidya-Nakae 
combination fails to teach all of the elements of Claims 1, 7, 13, and 19. Moran fails to 
overcome these deficiencies. Therefore, Applicant respectfully requests reconsideration and 
allowance of Claims 6, 12, 18, and 24 for at least the same reasons as discussed above with 
regard to their respective base claims. 

No Waiver 

All of Applicant's arguments are without prejudice or disclaimer. By not responding 
to additional statements made by the Examiner, Applicant does not acquiesce to the 
Examiner's additional statements. The remarks discussed by Applicant are sufficient to 
overcome the Examiner' s rejections. 
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CONCLUSION 



Applicant has made an earnest attempt to place this case in condition for allowance. 
For the foregoing reasons, and for other apparent reasons, Applicant respectfully requests full 
allowance of all pending claims. 

Applicant believes that no fee is due. However, the Commissioner is hereby 
authorized to charge any fee or credit any overpayment to Deposit Account No. 02-0384 of 
BAKER BOTTS L.L.P. 

If the Examiner believes a telephone conference would advance prosecution of this 
case in any way, the Examiner is invited to contact Luke K. Pedersen, Attorney for 
Applicant, at the Examiner's convenience at (214) 953-6655. 



Respectfully submitted, 



BAKER BOTTS L.L.P. 
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